Pandemic has spawned ‘record-breaking’ cybercriminal activity: Report

By HALLEY FREGER, ABC News

(NEW YORK) — As the coronavirus pandemic has spread around the world, cybersecurity experts are tracking “record-breaking” levels of cybercriminal activity, according to a new report released by the cybersecurity firm Bolster on Wednesday.

In the first quarter of 2020, Bolster documented a massive spike in both phishing and website scams, detecting 854,441 confirmed phishing and counterfeit websites, 30% of which were COVID-19 related, in addition to another four million suspicious pages.

Many of the COVID-19 scams — whether they are emails or websites offering fake coronavirus cures or bogus stimulus checks — share a common denominator, according to Shashi Prakash, chief scientist of Bolster.

“We’re seeing these different trends that go in parallel with what’s happening in the news out there,” Prakash told ABC News. “And we’re seeing the scammers morphing their techniques with different kinds of scams to target people.”

The flood of scams has spurred law enforcement to action. The Justice Department announced on April 22 they had disrupted “hundreds” of online COVID-19 scams after a cooperative effort between local law enforcement and private-sector companies based on more than 3,600 complaints sent to the FBI’s Internet Criminal Complaint Center (IC3) since the start of the crisis.

“We believe our collaborative efforts are the key to quickly reducing the threat from COVID-19 scams while allowing the American public to focus on protecting themselves and their families from this pandemic,” said FBI Executive Assistant Director Terry Wade.

Some of these scams weaponize misinformation. Despite the Food and Drug Administration’s warning that hydroxychloroquine is considered neither safe nor effective for treating COVID-19, Bolster counted 1,092 websites hawking hydroxychloroquine as a cure in March alone. These sites might sell real but possibly dangerous medication, phish for sensitive information, or just spread false information.

Diana Burley, a professor of cybersecurity at George Washington University, said that criminals are taking advantage of the specific vulnerabilities associated with the COVID-19 crisis as people are desperate for information in an unstable landscape that is continuously evolving.

“The general public is not used to so much uncertainty,” Burley told ABC News. “We look to official sources for answers and when there isn’t an answer, it is disconcerting for people. And so they are going to continue to seek out something that can provide them with some sense of stability.”

Other online scams prey on economic insecurity. In response to the current economic downturn, the Treasury Department sent out stimulus checks to Americans to provide economic relief as part of a $2 trillion stimulus package signed into law on March 27. Meanwhile, according to Bolster, scammers registered over 145,000 suspicious domains with the term “stimulus check.” And from February to March, Bolster found a 130% increase in websites claiming to offer small business loans.

“We started seeing these sites coming up, claiming to help you with getting that money and those kinds of scams are concerning,” Prakash said, “because the people who are in need of this money, they are the ones who are getting scammed.”

The FBI announced last month that it had “identified a number of look-alike IRS stimulus payment domains.” To prevent further use of these domains, the FBI alerted numerous domain registries to their existence.

Still other scams target those who are confined to their homes. According to Bolster’s report, as much of the country began working from home, there was a 50% increase in collaboration and communication between phishing sites from January to March. Experts say remote workers are more vulnerable.

“We have a very large opportunity for would-be criminals because we have moved so many workers out of their workplaces where they were working on more secure systems, and now they are at home and so they are more vulnerable,” Burley said.

As the COVID-19 crisis continues, experts expect that scammers will continue to adjust to the unique vulnerabilities of consumers.

“The people who are creating these sites,” Prakash said, “they can keep changing their techniques and tactics and that’s not going to stop until we actually find them and stop them.”

To maintain security online, experts recommend using a combination of strong passwords, two-factor authentication, and up-to-date virus-protection software. They also recommend being particularly cautious by verifying if a site or email is legitimate and only going to official sources or authorities for information.

Burley warned that as states start to reopen — putting a host of new challenges in front of consumers — corresponding criminal activity will emerge.

“Anything that becomes of great need, whether it’s a product need or informational need,” Burley said, “we can bet that criminals will see that as well and that they’ll try to take advantage of it.”